topscoder

ripgrep

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

FinGPT

FinGPT: Open-Source Financial Large Language Models! Revolutionize 🔥 We release the trained model on HuggingFace.

awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

openblocks

🔥 🔥 🔥 The Open Source Retool Alternative

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

OneListForAll

Rockyou for web fuzzing

dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

V3n0M-Scanner

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1

uro

declutters url lists for crawling/pentesting

bruteforce-lists

Some files for bruteforcing certain things.

diodb

Open-source vulnerability disclosure and bug bounty program database

Nuclei-Templates-Collection

Nuclei Templates Collection

cent

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

duplicut

Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

nuclei-wordfence-cve

The EXCLUSIVE Collection of 37,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

dontgo403

Tool to bypass 403/40X response codes.

magicRecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

bfac

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

chatgpt-prompts-bug-bounty

ChatGPT Prompts for Bug Bounty & Pentesting

Private-Nuclei-Templates

gdn

A GO module to get domain name from SSL certificates when an IP address is provided.

fourohme

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

fuzzing-templates

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

nuclei-zero-day

This repository contains random Nuclei templates I've created. Most of them based on recent security issues and exploits.

urlscan-search

urlscan.io search for domains

oldhost

oldhost is a tool for bug bounty hunters to discover old hosts that are no longer available, but might still be present on different known and related servers.

domainer

Domainer is a Go script that allows you to extract the root domains from a list of domains based on the ARPANET RFC's for (top-level) domains (TLDs). It removes the scheme (if present) from the input domains and extracts the last label before the TLD to produce the root domain. The extracted root domains are then printed as output.

ptr

ptr is a Go script that allows you to find hostnames by ip addresses. Reverse IP lookup by resolving the PTR record.